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DETAILED ACTION 

Declarations under 37 CFR 1.131 

1 . Applicants submitted the declarations under 37 CFR 1 .1 31 to swear behind the 
Ayi reference. However, the declarations are not sufficient to overcome the Ayi 
reference for the following reasons: 

2. The evidence submitted is insufficient to establish a reduction to practice of the 
invention from a date prior to the date of reduction to practice of the Ayi reference to 
either a constructive reduction to practice or an actual reduction to practice. A general 
allegation that the invention was completed prior to the date of the reference is not 
sufficient. Ex parte Saunders, 1883 CD. 23, 23 O.G. 1224 (Comm'r Pat. 1883). 
Similarly, a declaration by the inventors to the effect that their invention was conceived 
or reduced to practice prior to the reference date, without a statement of facts 
demonstrating the correctness of this conclusion, is insufficient to satisfy 37 CFR 1.131. 
See also MPEP §715.07. 

3. The affidavit or declaration and exhibits must clearly explain which facts or data 
applicant is relying on to show completion of his or her invention prior to the particular 
date. Vague and general statements in broad terms about what the exhibits describe 
along with a general assertion that the exhibits describe a reduction to practice 
"amounts essentially to mere pleading, unsupported by proof or a showing of facts" and, 
thus, does not satisfy the requirements of 37 CFR 1.131(b). In re Borkowski, 505 F.2d 
713, 184 USPQ 29 (CCPA 1974). Applicant must give a clear explanation of the exhibits 
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pointing out exactly what facts are established and relied on by applicant. 505 F.2d at 
.718-19, 184 USPQ at 33. See also In re Harry, 333 F.2d 920, 142 USPQ 164 (CCPA 
1964) (Affidavit "asserts that facts exist but does not tell what they are or when they 
occurred."). See MP'EP §715.07. 

4. For example, in the independent claim 1 , limitations "receiving, within a database 
management system... ", "determining which policies..." and "for each operation in the 
operation set..." correspond to which part(s) of the applicants' Exhibits. Similar 
comments from the above also apply to claims 6, 21 , and 26. 

5. Applicants are requested to specifically point out or map particular portions of the 
Exhibit and dates that correspond to specific limitations of the claims in the Applicant 
submitted Declaration Under 37 C.F.R. §1.131. 

6. Accordingly, Applicants have not established prior invention. The rejection is 
maintained. 

Claim Rejections - 35 USC § 103 

7. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1 .56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 1 03(a). 

8. Claims 1-5 and 21-25 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Ayi et al. (hereinafter "Ayi", Pub. No.: US 2002/0143735) in view of Hart 
(5,787,428). 

As per claim 1 , Ayi teaches a method for managing access to data in a database 
subject to a plurality of label-based security policies, the method comprising the steps 
of: 

receiving, within a database management system, a request for performing an 
operation set of one or more operations on data in a table of the database (Ayi, page 1 , 
[0006] - [0008]); 

determining which policies, of the plurality of label-based policies, apply to the 
table based on a policy set of one or more policies associated with the table(Ayi, page 
1; [0006] [0008]). 
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Ayi discloses determining whether to perform an operation/access on a dataset 
based on the label associated with the dataset (Ayi, page 1 , [0006]). 

Ayi does not explicitly disclose whether to perform the operation on a row, of the 
table. Hart teaches determining whether to perform the operation on a row of the table 
based on a set of labels associated with the row (Hart, Fig. 4-8, col. 6, lines 5-19). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the access control system of Ayi by incorporating 
determining whether to perform the operation on a row of the table based on a set of 
labels associated with the row as disclosed by Hart (Hart, Fig. 4-8, col. 6, lines 5-19). 
The motivation being to provide different security level and access management for 
different rows in the table. 

As per claim 2, Ayi and Hart teach all the claimed subject matters as discussed in 
claim 1 , and further teach adding a policy column to the table for each policy in the 
policy set associated with the table (Hart, Fig. 4). 

As per claim 3, Ayi and Hart teach all the claimed subject matters as discussed in 
claim 2, and further teach storing a label, of the set of labels associated with the row, in 
a corresponding policy column of the row (Hart, Fig. 4). 
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As per claim 4, Ayi and Hart teach all the claimed subject matters as discussed in 
claim 2, and further teach said step of determining which policies apply further, 
comprising the step of determining whether a column is a policy column (Hart, Fig. 4-8, 
col. 6, lines 5-19). 

As per claim 5, Ayi and Hart teach all the claimed subject matters as discussed in 
claim 1 , and further teach the policy set associated with the table includes two or more 
policies of the plurality of label-based policies (Ayi, page 1 , [0006]-[0008], Hart, Fig. 
4-8). 

Claims 21-25 are rejected on grounds corresponding to the reasons given above 
for claims 1-5. 

9. Claims 6-20 and 26-40 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hayman et al. (hereinafter "Hayman", 5,859,966) in view of Ayi et al. 
(hereinafter "Ayi", Pub. No.: US 2002/0143735 A1). 

As per claim 6, Hayman discloses a method for managing access to data in on a 
policy set of one or more label-based security policies, the method comprising the steps 
of: 

registering one or more packages of routines, wherein each package of said one 
or more packages implements a security model that supports a model set of one or 
more policies of the policy set and said each package includes an access mediation 
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routine (Hayman, col. 8, line 67 col. 9, line 14, col. 9, line 56 - col. 10, line 4, Hayman 
teaches incorporate and installation security software which inherently includes 
registering one or more package of routines, furthermore, applicant admits that 
registering one or more packages of routines are well known in the art, please see 
specification, page 17, 2nd to last line - page 18, line 2); 

associating a first policy of a first model set in a first package with an object 
(Hayman, col. 5, lines 18-60, Hayman teaches labels/policies are applied to each 
object. Please note the labels are plural, which inherently includes a first policy, a 
second policy, etc); and 

invoking the access mediation routine in the first package to determining whether 
to allow operation on data based on the first policy (Hayman, col. 3, line 44 - col. 4, line 
50, col. 9, line 55 - col. 1 0, line 4). 

Hayman teaches the security policy is applied to an object, however, Hayman 
does not explicitly disclose the object is a first table within the database system. Ayi 
teaches applies labels to tables in the database system (Ayi, page 1 , [0006]-[0008]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to modify the security system of Hayman by applying the 
labels/policies to tables in the database system as disclosed by Ayi. The motivation 
being to control access to the data in a table of the database system. 
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As per claim 7, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 6, and further teach forming said each package of said one or more 
packages so that the access mediation routine conforms to a specified interface for 
enforcing a policy in the database management system (Hayman, con. 9, lines 1-13). 

As per claim 8, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 7, and further teach said each package further comprising including 
one or more administrative routines for defining a policy for the model set (Hayman, 
con. 9, line 55 - con. 10, line 4). 

As per claim 9, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 8, and further teach one or more administrative routines for defining 
a policy further comprising including one or more administrative routines for defining a 
name for a particular policy; labels for the particular policy; descriptions for the labels; 
and properties for the labels (Hayrnan, con. 5, lines 18-60). 

As per claim 10, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 6, and further teach invoking an administrative routine of the first 
package for defining the first policy (Hayman, con. 5, lines 18-60). 

As per claim 1 1 , Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 10, and further teach invoking the administrative routine of the first 
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package further comprising providing to the administrative routine of the first package a 
plurality of parameters including a policy name for the first policy and a plurality of label 
names for labels of the first policy (Hayman, col. 5, lines 18-60, col. 6, lines 45-67). 

As per claim 12, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 6, and further teach in response to attempts to operate on data in a 
row in the table, the step of determining that the first policy applies to the table 
(Hayman, col. 5, lines 25-39, Ayi, page 1 , [0006]-[00081 ). 

As per claim 13, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 6, and further teach associating a second policy of a second model 
set in a second package with a second table within the database system; and invoking 
the access mediation routine in the second package for determining whether to allow 
operation on data in the second table based on the second policy (Ayi, page 1 , 
[0006]-[0008]). 

As per claim 14, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 13, and further teach the second model in the second package is the 
same as the first model in the first package (Hayman, col. 5, lines 25-60, Ayi, page 1 , 
[0006]-[0008]). 
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As per claim 15, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 13, and further teach the second model in the second package is 
different from the first model in the first package (Hayman, col. 5, lines 25-60, Ayi, page 
1,[0006]-[0008]). 

As per claim 16, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 13, and further teaches the second table is the same as the first 
table (Hayman, col. 5, lines 25-60, Ayi, page 1., [0006]-[0008]). 

As per claim 17, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 13, and further teach the second table is different from the first table 
(Hayman, Col. 5, lines 25-60, Ayi, page 1 , [0006]-[0008]). 

As per claim 18, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 6, and further teach invoking the access mediation routine in the first 
package further, comprising providing data indicating the first policy to the access 
mediation routine (Hayman, Col. 9, line 55 - Col 10, line 4). 

As per claim 19, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 6, and further teach the method further comprises the step of 
determining a set of allowed labels for the first policy for a user of the database 
management system; said step of invoking the access mediation routine is performed 
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during said step of determining the set of allowed labels; and the user is allowed to 
operate on the data according to the first policy if the data is associated with a label for 
the first policy and the label is included in the set of allowed labels for the first policy 
(Hayman, Col. 5, lines 25-60, col. 9, line 55 - Col. 10, line 4). 

As per claim 20, Hayman and Ayi teach all the claimed subject matters as 
discussed in claim 19, and further teach storing the set of allowed labels in a session 
cache for a communication session between the database management system and the 
user (Hayman, Col. 8, lines 54-67, Ayi, page 1, [0006]-[0008]). 

Claims 26-40 are rejected on grounds corresponding to the reasons given above 
for claims 6-20. 

Response to Arguments 

1 0. Applicant's arguments filed 09/1 8/2006 have been fully considered but they are 
not persuasive. 

Applicants argue, on page 2 of the Response: "An Exhibit need not support all 
claimed limitations", provided any missing limitation is supported by the declaration itself 
MPEP§ 715.07. 

In response to the preceding arguments, Examiner respectfully submits that 
since applicants' did not provide the missing limitations in the Declaration (e.g., 
Applicants correlated the missing limitations on page 3, paragraph 2, in the response 
and not the Declaration) as specified in the above MPEP section. It has been decided 
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that the declarations are not sufficient to overcome the Ayi reference as the missing 
limitations are not correlated in the Declaration itself. 

On page 3 of Applicants' arguments, Applicants states that test script file and test 
script log files do not show the actual code that performs recited steps. For example, it 
is difficult to show the step of "determining which policies.. and the step of 
"determining whether to perform the operation". 

The above statement raises a question as to whether or not the Applicants 
actually possess the code of the claimed invention. Clarification is requested. 

On page 5 of applicants 1 arguments, applicants allege that the examiner is "not 
competent" in the legal sense to make determinations about reductions to practice. 
Applicant's rationale is that the examiner is a "non-expert witness" operating in a court 
of law and thus cannot render scientific, technical, or other specialized opinions. 

These arguments are entirely incorrect. The US Patent and Trademark Office is 
not a court of law. The procedures for examination of patent applications are outlined in 
the Manual Patent Examination Practice (MPEP) not the Federal Rules of Evidence 
used in Federal Courts. 
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The authority to examine patent applications is granted to the Director of the 
Patent and Trademark Office (35 USC 131 ) who in turn delegates the examination of 
specific patent applications to patent examiners. MPEP 706 specifically states: 

"The examiner then reviews all the evidence, including arguments and evidence 
responsive to any rejection, before issuing the next office action." 

Applicant's assertion that the examiner is not allowed, not permitted, or not 
qualified to examine evidence is directly contradicted by the by the requirements of 
MPEP 706, as well as MPEP 707, MPEP 715 and MPEP 716. 

Note particularly, MPEP 715.08: 

"The question of sufficiency of or declarations under 37 CFR 1.131 should be 
reviewed and decided by the Primary Examiner". 

Accordingly, applicant's assertion is not correct. 

Further, Applicants argue that there is no teaching or suggestion in Hayman that 
the Session Monitor, or any component thereof, is associated with a table within a 
database system. 
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In response to the preceding arguments, Examiner respectfully submits that the 
Office Action dated July 17, 2006 states that "Hayman does not explicitly disclose the 
object is a first table within the database system. Ayi teaches applies labels to tables in 
the database system (Ayi, page 1 , [0006]-[0008])." 

Applicants go on to argue that the reference does not disclose that this may be 
registered so that it can be customized and implemented by the user. 

In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., "... this may be registered so that it can be customized and implemented by the 
user") are not recited in the rejected claim(s). Although the claims are interpreted in 
light of the specification, limitations from the specification are not read into the claims. 
See In re Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

Last, Applicants argue that no where does Hayman teach or suggest in the 
above cited portion that a "label" is registered with a database management system. 

In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., a "label" is registered with a database management system) are not recited in the 
rejected claim(s). Although the claims are interpreted in light of the specification, 
limitations from the specification are not read into the claims. See In re Van Geuns, 988 
F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Leslie Wong whose telephone number is (571 ) 272- 
4120. The examiner can normally be reached on Monday to Friday 9:30am - 6:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, CHARLES RONES can be reached on (571) 272-4085. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

(jL^/^ > — 

Leslie Wong 

Primary Patent Examiner 
Art Unit 2164 
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